Close
Dr. Hugh Bradlow, Australian Academy of Technology and Engineering, shares his insights on the growing cybersecurity war, and how to manage risks and resilience in a world of unknowns.
My wife tutors English to Year 12 students and connects with her students via Facebook. Recently one of her ex-students contacted her to say that she had received a message ostensibly from my wife starting a conversation with her. At first I wondered whether my wife’s account had been hacked but then I discovered that this was a clever piece of social engineering. The attacker had created a fake profile in Facebook Messenger using my wife’s name and a picture of her scraped off the web. She had then started contacting people in my wife’s Facebook friends list (which by default is available to anyone on the web) pretending to be her. Fortunately the ex-student was sharp enough to detect that the conversation was out of kilter and alerted my wife.
Why is this relevant to cybersecurity? The point is that a very understandable mistake by my wife (not changing the default Facebook friends list setting) exposed her friends to ‘phishing attacks’. The attacker intended to lure people into clicking on a link which would have infected their computers and/or exposed their security credentials. While this attack was almost certainly done by a human (most likely, a low paid worker in a developing country), we can expect that in the future such attacks will be automated through the use of Artificial Intelligence enabling them to be conducted on a massive scale.
Phishing is just one form of attack (although the most common) in a bewildering array of attacks that are possible in the cyberworld. The results can be devastating. In 2014, a gang managed to use phishing to load malware into the computers of bank employees and stole a billion dollars from 100 banks around the world.
90% of Australian businesses experience cyber attacks yet only 40% of businesses have implemented 6 out of the 8 ‘essential’ security measures recommended by the Australian Signals Directorate, according to the Canon Business Readiness Index 2018: Information Security.
So, can we win the cybersecurity war? The short answer is (to quote President Obama) “Yes we can”, but not by ignoring the problem. Three quarters of cybercrime is financially motivated. If you are a business you are a target, so you need to deny the criminals any opportunity.
So how can you protect your business?
Protect your environment and make allowances for the fact that human error (such as the example I gave above) is inevitable. Invest in people, processes and technology tools to protect the identities of your employees, computers, smartphones and networks that you need to conduct your business. Have someone responsible for managing your cybersecurity, ensuring that you are up to date on the latest threat intelligence, are monitoring and logging all the activity on your network, performing daily versioned backups (for example, to protect yourself against ransomware), that your employees are using 2-factor authentication to access your systems and that your computer systems are up-to-date with the latest security patches.
If you don’t, the results can result in an existential crisis for your business. For example, Equifax did not perform a timeous update to one of their web servers systems and managed to lose the personal details (including social security numbers) of 143 million customers.
It’s time to treat cybersecurity as a major business risk. If you can’t manage it yourself find someone who can like Canon Business Services.
Please join Dr Hugh Bradlow, President of The Australian Academy of Technology and Engineering as he discusses how to manage cybersecurity threats in a world of unknowns at our upcoming webinar.
Confidentiality is essential in the legal profession and the stakes are high for your clients and your professional reputation. Canon’s iR-ADV Gen III Series III multifunction devices are designed to boost efficiency and are packed with security features to minimise the risk of cyber-attack.
In the new era of law, contracts are being completely re-designed or even re-imagined in various ways to make them easier to understand
Data science can give you the insights you need to create new services and transform your business. But, if you don’t understand your data, you risk making bad business decisions or worse, automating them for years to come. Here’s a few things you should know to get started.
With modern technology, the healthcare sector is becoming more connected with an increasing number of ‘things’ now using software, for example medical devices. It’s creating a new world of cybersecurity concerns, but how does the healthcare sector measure up when it comes to managing Information Security?
With cyber crime on the rise in Australia, it’s becoming more important than ever to protect your business with cyber security training. We look at how your employees are your best weapon against cyber attacks.
As technology enters classrooms, auditoriums and libraries, it brings new risks to the education sector. All it takes is one click from a student device to potentially compromise your entire network. Faced with these various threats, does the education sector receive a ‘High Distinction’ for its efforts to protect its troves of student and staff data? Recent findings from the inaugural Canon Business Readiness Index on Security suggest not.
In this digital world, data management is a significant responsibility and a data breach is an equally significant risk. Should things go wrong, businesses must take steps to minimise the impact. With the changes to the Privacy Act coming into effect this week, Andrew Giles, Head of Public Relations and Communications for Canon Australia, shares insights on how to preserve trust and maintain strong customer relationships.
There is a lack of clear standards relating to how school records should be secured. As a result, the level of security varies from school to school, and sometimes within an institution itself. What can you do to ensure your school is exercising best practice with your school records?
If you're on the Internet, you face security risks. You can no longer afford to assume that your business won't be a target because you're not big enough. Here are some big business takeaways that can substantially benefit your business' security.
In February 2018, Australia’s privacy law will change. If your organisation is covered by the Australian Privacy Act (this includes all Australian government agencies, and businesses and not-for-profit organisations with an annual turnover of $3million or more), then these changes will apply to you.
After years of hype, artificial intelligence is ready to disrupt the workforce – and it’s time for executives across industries to pay attention.
